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IN THE CLAIMS: 

1 . (Currently Amended): A method of pro-actively refreshing credentials by an entity 
that maintains credentials, the method comprising th e st e ps of : 

a) storing in a memory, a profile collection having at least one credential 
profile, each credential profile including a credential and related 
information; and 

b) causing th e stor e d cr e d e ntial in th e cr e d e ntial profil e to be e xamin e d in 
accordanc e with a r e fr e sh policy; for each credential profile in the profile 
collection: 

e)i) in accordance with at least one criterion of a refresh policy, making 
a determination, from that credential profile's related information, 
of whether that comparing at l e ast on e crit e rion of th e r e fr e sh 
policy with th e r e lat e d information to d e t e rmin e if th e credential 
needs to be refreshed; 

d) ii) replacing the stored credential with a new credential in the 

credential profile i f the determination is that the stored credential 
does need fteeds to be refreshed; and 

e) iii) updating the related information of the new credential in the 

credential profile.^aftd 
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19 f) r e peating th e st e ps of c) — e ) on a n e xt cr e d e ntial profil e in th e profil e 

20 coll e ction. 

1 2. (Currently Amended): The method of claim 1 , wherein b e for e st e p a), the method 

2 further comprises th e st e ps o f creating the profile collection by, for each of at least one 

3 needed credential, t 

4 determining if- whether the profile collection includes a credential profile for a ^that 

5 needed credential^-existst and^ if not, them 

6 creating an empty credential profile; 

7 gathering the- that needed credential; 

8 storing the- that needed credential in the credential profile; 

9 obtaining related information including resource constraints on the- that needed 

10 credential; and 

1 i storing the information in the credential profilet-aftd 

12 rep e ating th e st e ps if anoth e r cr e d e ntial profil e n ee ds to b e cr e at e d . 

. i 3. (Currently Amended): The method of claim 2, wherein th e st e p of obtainin g the 

2 resource constraints is p e rform e d are obtained by manual entry of a user. 
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4. (Currently Amended): The method of claim 2, wherein the step of obtaining resource 
constraints is-are deduced through access attempts. 

5. (Currently Amended): The method of claim 2, wherein the st e p of obtaining resource 
constraints is- are obtained from a directory. 

6. (Currently Amended): The method of claim 2, wherein the st e p of obtaining resource 
constraints areis obtained from a resource server. 

7. (Original): The method of claim 2, wherein the stored credential includes a public 
key identity credential. 

8. (Original): The method of claim 2, wherein the stored credential includes a group 
membership credential. 

9. (Original): The method of claim 2, wherein the stored credential includes a group 
non-membership credential. 

10. (Original): The method of claim 2, wherein the stored credential includes a non- 
revocation credential. 
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1 11. (Original): The method of claim 2, wherein the stored resource constraints include a 

2 recency requirement. 

1 12. (Original): The method of claim 2, wherein the stored resource constraints include a 

2 trust level. 

1 13. (Original): The method of claim 2, wherein the stored resource constraints include a 

2 maximum credential chain length. 

1 14. (Currently Amended): The method of claim 1, wherein the related information 

2 includes storing information on a credential identifier. 

1 15. (Currently Amended): The method of claim 1, wherein the related information 

2 includes storing information on when the credential was issued. 

1 16. (Currently Amended): The method of claim 1, wherein the related information 

2 includes storing information on when the credential was last used for a resource access. 
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1 17. (Currently Amended): The method of claim 1, wherein the related information 

2 includes storing information on the resource on which r e sourc e the credential was last 

3 used. 



1 18. (Currently Amended): The method of claim 1 , wherein at least one said criterion is 

2 such that the method includes refreshing credentials that are older than a certain time 

3 period. 

1 19. (Currently Amended): The method of claim 1, wherein at least one said criterion is 

2 such that the method includes refreshing credentials that were last used within a certain 

3 time period. 

1 20. (Currently Amended): The method of claim 1 , wherein at least one said criterion is 

2 such that the method includes refreshing credentials that are older than an associated 

3 recency requirement. 

1 21. (Currently Amended): The method of claim 1 , wherein at least one said criterion is 

2 such that the method includes refreshing credentials that are predicted to be used in a next 

3 session. 
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1 22. (Currently Amended): A processor e x e cutabl e -readable medium having instructions 

2 contained therein which when executed by a processor causes the processor to execute a 

3 method of pro-actively refreshing credentials by an entity that maintains credentials, the 

4 method comprising th e s t e ps of : 

5 a) storing in a memory, a profile collection having at least one credential 

6 profile, each credential profile including a credential and related 

7 information; and 

8 b) causing th e stor e d cr e d e ntial in the cr e d e ntial profil e to b e e xamin e d in 

9 accordanc e with a r e fresh policy; for each credential profile in the profile 

10 collection: 

n e)i) in accordance with at least one criterion of a refresh policy, making 

12 a determination, from that credential profile's related information, 

13 of whether that comparing at l e ast on e crit e rion of th e r e fr e sh 

i 4 policy with th e r e lat e d information to d e t e rmin e if th e credential 

is needs to be refreshed; 

16 d)ii) replacing the stored credential with a new credential in the 

17 credential profile i f the determination is that the stored credential 
is needs to be refreshed; and 

19 eMii) updating the related information of the new credential in the 

20 credential profile.f-and 
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£) r e p e ating th e st e ps of c) — e ) on a n e xt cr e d e ntial profil e in th e profil e 

coll e ction. 

23. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 22, 
wherein b e for e st e p a), the method further comprises creating the profile collection by, 
for each of at least one needed credential, t 

determining ^ whether the profile collection includes a credential profile for a- that 
needed credential e xists; and A if not, then 

creating an empty credential profile; 

gathering the- that needed credential; 

storing the- that needed credential in the credential profile; 

obtaining related information including resource constraints on the- that needed 

credential; and 

storing the information in the credential profilef-and 

r e p e ating th e steps if anoth e r cr e d e ntial profil e n ee ds to b e cr e at e d . 

24. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 
wherein the st e p of obtaining resource constraints is p e rform e d are obtained by manual 
entry of a user. 
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1 25. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 

2 wherein the st e p of obtaining resource constraints is d e duc e d are obtained by deducing 

3 them through access attempts. 

1 26. (Currently Amended): The processor e x e cutable -readable medium of claim 23, 

2 wherein the step of obtaining resource constraints areis obtained from a directory. 

1 27. (Currently Amended): The processor e x e cutabl e -readable medium of claim 23, 

2 wherein the st e p of obtaining resource constraints is- are obtained from a resource server. 

1 28. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 

2 wherein the stored credential includes a public key identity credential. 

1 29. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 

2 wherein the stored credential includes a group membership credential. 

1 30. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 

2 wherein the stored credential includes a group non-membership credential. 
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3 1 . (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 
wherein the stored credential includes a non-revocation credential. 

32. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 
wherein the stored resource constraints include a recency requirement. 

33. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 
wherein the stored resource constraints include a trust level. 

34. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 23, 
wherein the stored resource constraints include a maximum credential chain length. 

35. (Currently Amended): The processo r e x e cutable -readable medium of claim 22, 
wherein the related information includes storing information on a credential identifier. 

36. (Currently Amended): The processor e x e cutabl e -readable medium of claim 22, 
wherein the related information includes storing information on when the credential was 
issued. 
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37. (Currently Amended): The processo r ex e cutabl e -readable medium of claim 22, 
wherein the related information includes storing information on when the credential was 
last used for a resource access. 

38. (Currently Amended): The processo r ex e cutabl e -readable medium of claim 22, 
wherein the related information includes sterin^information on the resource on which 
r e sourc e the credential was last used. 

39. (Currently Amended): The processor e x e cutabl e -readable medium of claim 22, 
wherein at least one said criterion is such that the method includes refreshing credentials 
that are older than a certain time period. 

40. (Currently Amended): The processo r e x e cutabl e -readable medium of claim 22, 
wherein at least one said criterion is such that the method includes refreshing credentials 
that were last used within a certain time period. 

41 . (Currently Amended): The processo r executabl e -readable medium of claim 22, 
wherein at least one said criterion is such that the method includes refreshing credentials 
that are older than an associated recency requirement. 
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42. (Currently Amended): The processor e x e cutable -readable medium of claim 22, 
wherein at least one said criterion is such that the method includes refreshing credentials 
that are predicted to be used in a next session. 

43. (Original): A system for pro-actively refreshing credentials by an entity that 
maintains credentials, the system comprising: 

a memory to store a profile collection having at least one credential profile, each 
credential profile including a credential and related information; 
a circuit to read the credential profile; 

a refresh policy stored in the memory to determine if the credential needs to be 
refreshed using the related information, wherein the circuit replaces the stored 
credential with a new credential in the credential profile if the stored credential 
needs to be refreshed and the circuit updates the related information of the new 
credential in the credential profile. 

44. (Currently Amended): The system of claim 43, wherein syst e m furth e r 
compris e s the circuit is configured to- r 

th e circuit configur e d to determine , for each of at least one needed credential, whetherif 
the profile collection includes a credential profile for a- that needed credential-exist; and,, 
if not, then 
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th e circuit configur e d to create an empty credential profile in the memory, the 
circuit furth e r configur e d to gather the- that needed credential; and 
store the- that needed credential in the credential profile^ 

th e circuit configur e d to obtain related information including resource constraints 

on the- that needed credential and 

store the information in the credential profile. 

45. (Original): The system as in claim 44, wherein the circuit is a processor. 

46. (Currently Amended): The system of claim 44, wherein the resource constraints 
areis obtained by manual entry of a user. 

47. (Currently Amended): The system of claim 44, wherein the resource constraints is 
are deduced through access attempts. 

48. (Currently Amended): The system of claim 44, wherein the resource constraints 
areis obtained from a directory. 

49. (Currently Amended): The system of claim 44, wherein the resource constraints 
areis obtained from a resource server. 
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50. (Original): The system of claim 44, wherein the stored credential includes a public 
key identity credential. 

5 1 . (Original): The system of claim 44, wherein the stored credential includes a group 
membership credential. 

52. (Original): The system of claim 44, wherein the stored credential includes a group 
non-membership credential. 

53. (Original): The system of claim 44, wherein the stored credential includes a non- 
revocation credential. 

54. (Original): The system of claim 44, wherein the stored resource constraints include 
a recency requirement. 

55. (Original): The system of claim 44, wherein the stored resource constraints include 
a trust level. 

56. (Original): The system of claim 44, wherein the stored resource constraints include 
a maximum credential chain length. 
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57. (Currently Amended): The system of claim 43, wherein the stered -related 
information includes a credential identifier. 

58. (Currently Amended): The system of claim 43, wherein the related stered 
information includes when the credential was issued. 

59. (Currently Amended): The system of claim 43, wherein the related s tared 
information includes when the credential was last used for a resource access. 

60. (Currently Amended): The system of claim 43, wherein the related s tored 
information includes on which resource the credential was last used. 

61 . (Original): The system of claim 43, wherein the refresh policy refreshes credentials 
that are older than a certain time period. 

62. (Original): The system of claim 43, wherein the refresh policy refreshes credentials 
that were last used within a certain time period. 

63. (Original): The system of claim 43, wherein the refresh policy refreshes credentials 
that are older than an associated recency requirement. 
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1 64. (Original): The system of claim 43, wherein the refresh policy refreshes credentials 

2 that are predicted to be used in a next session. 
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